On Thu, Nov 4, 2010 at 1:47 PM, Daniel Stenberg <[email protected]> wrote: > Peter Sylvester pointed out[1] previously about the hostname in SNI: > > "HostName" contains the fully qualified DNS hostname of the server > Literal IPv4 and IPv6 addresses are not permitted in "HostName". > > The existing Curl_inet_pton() checks in the code makes sure of that, but not > after this patch. > > The Curl_inet_pton() checks against conn->host.name in the code needs to be > modified accordingly in your patch to check the 'hostname' variable instead. > > Don't you agree?
I'm not sure I understand what you mean. From the relevant code:
if ((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
sni &&
!SSL_set_tlsext_host_name(connssl->handle, hostname))
The Curl_inet_pton checks are always executed no matter what I pass to
SSL_set_tlsext_host_name.
Or do you mean that the Curl_inet_pton calls should check the custom
host name instead of the connection host name? If so here's an updated
patch.
--
Phusion | The Computer Science Company
Web: http://www.phusion.nl/
E-mail: [email protected]
Chamber of commerce no: 08173483 (The Netherlands)
0001-OpenSSL-SNI-host-name-should-be-set-to-the-custom-Ho.patch
Description: Binary data
------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
